CVE-2021-32533
CRITICAL
QSAN SANOS < 2.1.0 - Unauthenticated OS Command Injection
Title source: llm
Description
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without authentication. The vulnerability is fixed in QSAN SANOS v2.1.0.
References (1)
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4890-39791-1.html
Scores
CVSS v3: 9.8
EPSS: 0.0192
EPSS Percentile: 77.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (1): qsan/sanos < 2.1.0
Published: Jul 07, 2021
Tracked Since: Feb 18, 2026